Over 290,000 citizens at risk: CloudSEK uncovers major data breach at Bangalore Water Supply and Sewerage Board

CloudSEK has revealed a critical breach in the infrastructure of the Bangalore Water Supply and Sewerage Board (BWSSB). The breach has left sensitive personal data of over 290,000 Bangalore residents vulnerable, after direct root access to BWSSB’s database was found being sold by a cybercriminal for just $500 on underground forums.

The discovery raises serious concerns about the security of public utilities and the potential for widespread misuse of citizens’ personal information.

CloudSEK’s investigation: A timeline of neglect

On April 10, 2025, CloudSEK’s proprietary digital risk monitoring platform XVigil flagged a post by a threat actor identified as pirates_gold, offering unrestricted access to BWSSB’s database. What makes this incident particularly disturbing is how easily this access was obtained – through exposed credentials and a publicly accessible admin login portal.

CloudSEK’s STRIKE Team traced the breach back to a publicly accessible .env file, containing plaintext MySQL ...